Nitrokey Storage 2 EC pkcs15-tool


#1

Hello! Is there any way to init this token with openpgp-tool or pkcs15-init with ec?
Tried different ways like:
pkcs15-init --delete-objects privkey,pubkey --id 1 --generate-key ec-nistp256 --auth-id 3 --verify --pin 12345678
Tried ec-nistp256, ec/nistp256, ec/brainpoolP256r1, result is always the same:
Failed to generate key: Not supported
Also if I generate EC keys with GnuPG, pkcs11 tools (like gnutls, p11tool) do not detect token at all…


#2

Which version of OpenSC do you use? Perhaps it’s too old.


#3

I’m on Arch Linux, running OpenSC 0.19… I thought maybe the syntax I’m using is somehow wrong…


#4

This won’t be possible before 0.20.
You can try https://aur.archlinux.org/packages/opensc-git though. The necessary code is already merged in master. I am happy to hear about experiences you made, as the ECC implementation wasn’t heavily tested yet.

Please note that beside the generation of keys there is not much ECC functionality implemented yet in OpenSC master.


#5

Great news! Thanks!)